Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: BobSimons

UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.


11 posted on 03/10/2011 2:11:39 PM PST by central_va (I won't be reconstructed, and I do not give a damn.)


From the article:

But the results show that when somebody puts in the work to enter that undiscovered country, that Macs prove as hackable as Windows computers or more so.

Luring the user to a suspect site in Safari, the VUPEN researcher remotely launched OS X's calculator app and wrote a file to the disc -- essentially paving the way for a full hijack of the machine. This was all done without the browser crashing or showing any irregularities.

He describes, "The victim visits a web page, he gets owned. No other interaction is needed."

The victim would likely think they merely clicked on a bad URL.

That's scary, going to a webpage and getting pwned.
At least Windows users utilize proactive defenses that block bad or otherwise malicious websites.

13 posted on 03/10/2011 2:16:49 PM PST by BobSimons

To: central_va

Quit blowing smoke.


14 posted on 03/10/2011 2:18:08 PM PST by BobSimons

To: central_va
Believe me.

I believe everyone on this thread.

They are all so smart!

22 posted on 03/10/2011 2:31:39 PM PST by Glenn (iamtheresistance.org)

To: central_va

The root password is irrelevant if you can just overflow a buffer (or even worse, the runtime stack) and execute malicious code. OSX’s problem is its lack of memory protection, which is fairly common among *nix systems.


23 posted on 03/10/2011 2:32:14 PM PST by Echo4C (We have it in our power to begin the world over again. --Thomas Paine)

To: central_va

It is not clear from the article if he got root or not.

But once in with a user shell, he should be able to launch a privilege escalation attack.


34 posted on 03/10/2011 3:26:42 PM PST by proxy_user

To: central_va
>UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.

Not true. Tom Duff regaled us with his first UNIX virus at a USENIX breakout session in 1988. The basic infection technique is to read the executable header, identifying the starting address for the code segment, save it, add your own code to the end of the code segment, patch the start address to run your "virus" code, then patch a section of your "virus" code to run the original entry point. Your "virus" can then scan all the executables in the current directory and PATH and infect all that you can successfully write. The technique works and spreads like wildfire in an environment with NFS-mounted filesystems to "share" the garbage.

36 posted on 03/10/2011 4:47:12 PM PST by Myrddin

To: central_va
UNIX-based OSes are very difficult to hack. There are no viruses, as that concept doesn’t work in Unix. Without the root passwd there is very little destruction that can take place. Believe me.

No. Linux/UNIX can be hacked just like any other OS.

A hacker can modify an unprotected executable file, or a kernel load module, or even the disk sectors of an unprotected /dev/sda physical device. It takes only one mistake in securing a single file to blow up Linux completely.

For all the complaints about compatibility in Windows Vista/Win7, it does have extra security against those kinds of errors. x64 device drivers must be digitally signed with a Class 3 VeriSign Authenticode Certificate to load. Mandatory Integrity levels are enforced everywhere: all code runs in separate sandboxes based on the security level (Low, Medium, High, System). This is similar to TCB Orange Book used by the military for mandatory security levels (Unclassified, Secret, Top Secret, etc). Files in the TCB are owned by TrustedInstaller and cannot be modified even by super-users (Administrators).

Linux/UNIX has a ways to go to catch up to Win7 in terms of security.

37 posted on 03/10/2011 5:22:57 PM PST by Gideon7
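
Posts 36 and 37 both turn on executables that someone other than their owner can write. The following defender's audit of that condition is an added example, not part of the thread or any poster's code; the function names and the policy (flag anything world-writable, group-writable, or owned by neither root nor the current user) are assumptions.

```python
import os
import stat


def write_risks(st, uid):
    """Why someone other than root or `uid` could modify the object `st` describes."""
    risks = []
    if st.st_mode & stat.S_IWOTH:
        risks.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        risks.append("group-writable")
    if st.st_uid not in (0, uid):
        risks.append("owned by uid %d" % st.st_uid)
    return risks


def audit_path(path_value, uid=None):
    """Return [(path, risks)] for each PATH directory and each executable in it."""
    uid = os.getuid() if uid is None else uid
    findings, seen = [], set()
    for entry in path_value.split(os.pathsep):
        directory = os.path.realpath(entry or ".")  # empty entry = current directory
        if directory in seen or not os.path.isdir(directory):
            continue
        seen.add(directory)
        # A writable directory lets its files be replaced even if each file is locked down.
        risks = write_risks(os.stat(directory), uid)
        if risks:
            findings.append((directory, risks))
        try:
            names = sorted(os.listdir(directory))
        except OSError:
            continue  # directory exists but cannot be listed by this account
        for name in names:
            try:
                st = os.stat(os.path.join(directory, name))  # follows symlinks
            except OSError:
                continue  # dangling symlink or a file removed mid-scan
            if stat.S_ISREG(st.st_mode) and st.st_mode & 0o111:
                risks = write_risks(st, uid)
                if risks:
                    findings.append((os.path.join(directory, name), risks))
    return findings


if __name__ == "__main__":
    # Audit the PATH of the account running the script; exit non-zero on findings.
    results = audit_path(os.environ.get("PATH", ""))
    for path, risks in results:
        print("%s: %s" % (path, ", ".join(risks)))
    raise SystemExit(1 if results else 0)
```

Group-writable binaries are legitimate on some systems, so treat those findings as items to review rather than as confirmed problems.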